This publication does not constitute legal, accounting or other professional advice. Although it is intended to be accurate, neither the publisher nor any other party assumes liability for loss or damage due to reliance on this material. © 2014 Commerce Bancshares, Inc.

The recent onslaught of infamous data breaches – Target, Home Depot, Michael’s and Jimmy John’s, among many others – has heightened public awareness regarding data security. Behind the frequent media coverage of those stories exist numeric proof of increasing breach incidents; a recent study conducted by the Ponemon Institute, and sponsored by Experian plc, found that 43% of diverse companies surveyed have experienced a data breach in the past year, up 10% from 20131.

Fraudulent activity is a perpetual threat in the payment card industry, which is why Commerce Bank constantly evaluates the methodologies that help safeguard your business from compromises. To attain your organization’s data protection goals requires a thorough understanding of Commerce’s multi-layered approach to comprehensive data security.

The first component is compliance with the Payment Card Industry Data Security Standards (PCI DSS). PCI DSS represents the global standard for safely handling cardholder information. All merchants that process, store or transmit cardholder data must be compliant with this standard, and as such, Commerce Bank takes proactive measures to ensure merchant adoption of these standards, as well as ongoing maintenance.

Industry Hot Topic – Data Security

What’s Inside...

Merchant Client Support CenterOur in-house Merchant Support Center is available toll-free for personalized customer service during business hours, with dedicated, highly trained Commerce Bank representatives ready to help with your needs.

Merchant Support Center 1.800.828.1629 Monday – Friday 7:00 a.m. to 6:00 p.m. CT Visit us at commercebank.com/MerchantServices

Processing News:(P.1-2) Industry Hot Topic – Data Security

FYI on PCI:(P.2) Avoid Fees, Complete Annual

Compliance Questionnaire

Best Practices:(P.3) Post-Holiday Return Policies

Spotlight:(P.4) Merchant Referral Rewards

CED0411I

Merchant Landscape

Prepared Exclusively for Commerce Bank Merchants

Winter 2014/2015

Referral RewardsIf you refer one or more fellow business owner(s) who could benefit from the same convenience and world-class service we provide you, Commerce will reward you with up to $500!*

Your friends will thank you when they too experience the benefits provided by one of the top-rated banks in the industry.

• Easy payment acceptance anytime, anywhere• Dedicated in-house support teams• Next business day funding• Advanced fraud security• 99.9% system uptime

For more information regarding our Referral Rewards program, including how to earn up to $500 for referring business friends to Commerce Bank Merchant Services, visit www.commercebank.com/ReferralRewards.

* This offer applies only to merchants who currently have an active merchant account with Commerce Bank Merchant Services. Offer is valid upon new merchant account activation by Referred party; Commerce Bank will apply a $100 credit to Referrer’s Merchant Services account within 90 days of Referred party’s new merchant account activation. Limited to five $100 credits per Tax ID, per year ($500 in credit per year). Offer subject to change at any time.

Spotlight

commercebank.com / 800.828.16294 1

J16860 Merchant Newsletter Winter 14-15_Generic.indd 1 12/10/2014 12:02:47 PM

With the coming of a new year, make a resolution to maintain Payment Card Industry Data Security Standards (PCI DSS) compliance with punctual submission of the requisite annual Self-Assessment Questionnaire (SAQ). Doing so helps you protect sensitive customer data and avoid a monthly Non-Compliance Fee of $19.95.

The PCI Security Standards Council recently published PCI DSS version 3.0, which emphasizes integrating security into day-to-day business practices and educating about enterprise-wide security. This update may bring minor variations in your SAQ, but the process remains the same – follow the steps below to effectively maintain your certification.

1. Remember, your SAQ renewal is based on the completion date of your last SAQ. 90 days prior to your PCI DSS compliance expiration you will receive an email from Trustwave, alerting you that it is time to recertify.

2. To ensure you receive Trustwave emails, log in to your Trustwave TrustKeeper® account – https://login.trustwave.com – and update your account with a current email address. Verify Trustwave is on your email system’s approved senders list.

3. Review the “PCI Self-Assessment” section on your dashboard.

4. Click “Start” to restart your SAQ. (Or, if you have already begun a new assessment, click “Continue” to complete.)

5. Once you’ve completed the PCI Self- Assessment, the PCI Certification Status on your dashboard will indicate that you have renewed your SAQ for another year.

Commerce Bank employs a dedicated PCI Business Analyst to support your understanding, awareness and progression toward PCI compliance. Should you have any questions regarding PCI DSS or obtaining certification, call us at 1-800-828-1629.

(Continued from page 1)

Visit us at www.commercebank.com/MerchantServices

Commerce Bank’s TransArmor® solution, a powerful tool offering layered protection, serves to further protect your business. Using encryption and tokenization, the solution constantly maintains the safety of sensitive payment information throughout the entire transaction process – from the moment card information is presented at the point of sale to final settlement.

Europay, MasterCard and Visa (EMV) chip card provides an additional layer of security. EMV cards contain embedded computer chips that validate both card and cardholder. The chip is virtually impossible to duplicate, and combined with stronger authentication methods, make counterfeit

fraud in Point-of-Sale (POS) transactions nearly impossible. Commerce Bank noted the impending U.S. migration to an EMV-based infrastructure in the summer 2014 issue of Merchant Landscape. Our teams are ready and available to help merchants assess their readiness for a POS system compatible with the EMV chip platform and to offer solutions that best meet organizational need.

For more information about merchant data security, TransArmor or EMV, contact the Commerce Bank Merchant Support Center at 1-800-828-1629.1 “Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness”, Ponemon Institute©, September 2014

Fine Tune Return Policies and Minimize Post-Holiday Blues – for both you and your customers

Building customer loyalty, while a business goal year-round, is especially important during the holiday season. Adopting streamlined “best practices” to handle holiday exchanges and returns will support a seamless customer experience and benefit your loyalty efforts.

Exchanges & ReturnsIn stores, make sure all exchange and return policies are visible at the point of sale, and on receipts, order forms, invoices and contracts. Train staff to explain the policy to customers at checkout. Incorporate messaging into your online order process.

• In exchange for cash and check transactions, provide gift cards to refunds as in-store credit. Remember, you save the sale.

• Always issue credits back to the same card on which the transaction was processed. Card companies do not permit cash or check refunds on card transactions.

Reduce Chargebacks• List exact products and price, including additional charges, shipping and tax for online and/or mail/telephone orders.

• Produce manual imprint of card for magnetic stripe failure.

• For online orders, include transaction agreement terms above the “click-to-agree”.

• Inform customers what name they can expect to appear on their statements (especially if a third-party processor).

• Reply to all chargebacks in detail. Include each item on a separate document; print copies of all supporting documents.

• Maintain a professional response – always present remarks in a cover letter and emphasize pertinent information rather than marking informal notes on supporting documents.

If you have any questions regarding these best practices, please contact the Merchant Support Center at 1-800-828-1629.

Avoid Fees, Complete Annual Compliance Questionnaire

Best Practices

FYI on PCI

2 3

J16860 Merchant Newsletter Winter 14-15_Generic.indd 2 12/10/2014 12:02:49 PM

With the coming of a new year, make a resolution to maintain Payment Card Industry Data Security Standards (PCI DSS) compliance with punctual submission of the requisite annual Self-Assessment Questionnaire (SAQ). Doing so helps you protect sensitive customer data and avoid a monthly Non-Compliance Fee of $19.95.

The PCI Security Standards Council recently published PCI DSS version 3.0, which emphasizes integrating security into day-to-day business practices and educating about enterprise-wide security. This update may bring minor variations in your SAQ, but the process remains the same – follow the steps below to effectively maintain your certification.

1. Remember, your SAQ renewal is based on the completion date of your last SAQ. 90 days prior to your PCI DSS compliance expiration you will receive an email from Trustwave, alerting you that it is time to recertify.

2. To ensure you receive Trustwave emails, log in to your Trustwave TrustKeeper® account – https://login.trustwave.com – and update your account with a current email address. Verify Trustwave is on your email system’s approved senders list.

3. Review the “PCI Self-Assessment” section on your dashboard.

4. Click “Start” to restart your SAQ. (Or, if you have already begun a new assessment, click “Continue” to complete.)

5. Once you’ve completed the PCI Self- Assessment, the PCI Certification Status on your dashboard will indicate that you have renewed your SAQ for another year.

Commerce Bank employs a dedicated PCI Business Analyst to support your understanding, awareness and progression toward PCI compliance. Should you have any questions regarding PCI DSS or obtaining certification, call us at 1-800-828-1629.

(Continued from page 1)

Visit us at www.commercebank.com/MerchantServices

Commerce Bank’s TransArmor® solution, a powerful tool offering layered protection, serves to further protect your business. Using encryption and tokenization, the solution constantly maintains the safety of sensitive payment information throughout the entire transaction process – from the moment card information is presented at the point of sale to final settlement.

Europay, MasterCard and Visa (EMV) chip card provides an additional layer of security. EMV cards contain embedded computer chips that validate both card and cardholder. The chip is virtually impossible to duplicate, and combined with stronger authentication methods, make counterfeit

fraud in Point-of-Sale (POS) transactions nearly impossible. Commerce Bank noted the impending U.S. migration to an EMV-based infrastructure in the summer 2014 issue of Merchant Landscape. Our teams are ready and available to help merchants assess their readiness for a POS system compatible with the EMV chip platform and to offer solutions that best meet organizational need.

For more information about merchant data security, TransArmor or EMV, contact the Commerce Bank Merchant Support Center at 1-800-828-1629.1 “Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness”, Ponemon Institute©, September 2014

Fine Tune Return Policies and Minimize Post-Holiday Blues – for both you and your customers

Building customer loyalty, while a business goal year-round, is especially important during the holiday season. Adopting streamlined “best practices” to handle holiday exchanges and returns will support a seamless customer experience and benefit your loyalty efforts.

Exchanges & ReturnsIn stores, make sure all exchange and return policies are visible at the point of sale, and on receipts, order forms, invoices and contracts. Train staff to explain the policy to customers at checkout. Incorporate messaging into your online order process.

• In exchange for cash and check transactions, provide gift cards to refunds as in-store credit. Remember, you save the sale.

• Always issue credits back to the same card on which the transaction was processed. Card companies do not permit cash or check refunds on card transactions.

Reduce Chargebacks• List exact products and price, including additional charges, shipping and tax for online and/or mail/telephone orders.

• Produce manual imprint of card for magnetic stripe failure.

• For online orders, include transaction agreement terms above the “click-to-agree”.

• Inform customers what name they can expect to appear on their statements (especially if a third-party processor).

• Reply to all chargebacks in detail. Include each item on a separate document; print copies of all supporting documents.

• Maintain a professional response – always present remarks in a cover letter and emphasize pertinent information rather than marking informal notes on supporting documents.

If you have any questions regarding these best practices, please contact the Merchant Support Center at 1-800-828-1629.

Avoid Fees, Complete Annual Compliance Questionnaire

Best Practices

FYI on PCI

2 3

J16860 Merchant Newsletter Winter 14-15_Generic.indd 2 12/10/2014 12:02:49 PM

This publication does not constitute legal, accounting or other professional advice. Although it is intended to be accurate, neither the publisher nor any other party assumes liability for loss or damage due to reliance on this material. © 2014 Commerce Bancshares, Inc.

The recent onslaught of infamous data breaches – Target, Home Depot, Michael’s and Jimmy John’s, among many others – has heightened public awareness regarding data security. Behind the frequent media coverage of those stories exist numeric proof of increasing breach incidents; a recent study conducted by the Ponemon Institute, and sponsored by Experian plc, found that 43% of diverse companies surveyed have experienced a data breach in the past year, up 10% from 20131.

Fraudulent activity is a perpetual threat in the payment card industry, which is why Commerce Bank constantly evaluates the methodologies that help safeguard your business from compromises. To attain your organization’s data protection goals requires a thorough understanding of Commerce’s multi-layered approach to comprehensive data security.

The first component is compliance with the Payment Card Industry Data Security Standards (PCI DSS). PCI DSS represents the global standard for safely handling cardholder information. All merchants that process, store or transmit cardholder data must be compliant with this standard, and as such, Commerce Bank takes proactive measures to ensure merchant adoption of these standards, as well as ongoing maintenance.

Industry Hot Topic – Data Security

What’s Inside...

Merchant Client Support CenterOur in-house Merchant Support Center is available toll-free for personalized customer service during business hours, with dedicated, highly trained Commerce Bank representatives ready to help with your needs.

Merchant Support Center 1.800.828.1629 Monday – Friday 7:00 a.m. to 6:00 p.m. CT Visit us at commercebank.com/MerchantServices

Processing News:(P.1-2) Industry Hot Topic – Data Security

FYI on PCI:(P.2) Avoid Fees, Complete Annual

Compliance Questionnaire

Best Practices:(P.3) Post-Holiday Return Policies

Spotlight:(P.4) Merchant Referral Rewards

CED0411I

Merchant Landscape

Prepared Exclusively for Commerce Bank Merchants

Winter 2014/2015

Referral RewardsIf you refer one or more fellow business owner(s) who could benefit from the same convenience and world-class service we provide you, Commerce will reward you with up to $500!*

Your friends will thank you when they too experience the benefits provided by one of the top-rated banks in the industry.

• Easy payment acceptance anytime, anywhere• Dedicated in-house support teams• Next business day funding• Advanced fraud security• 99.9% system uptime

For more information regarding our Referral Rewards program, including how to earn up to $500 for referring business friends to Commerce Bank Merchant Services, visit www.commercebank.com/ReferralRewards.

* This offer applies only to merchants who currently have an active merchant account with Commerce Bank Merchant Services. Offer is valid upon new merchant account activation by Referred party; Commerce Bank will apply a $100 credit to Referrer’s Merchant Services account within 90 days of Referred party’s new merchant account activation. Limited to five $100 credits per Tax ID, per year ($500 in credit per year). Offer subject to change at any time.

Spotlight

commercebank.com / 800.828.16294 1

J16860 Merchant Newsletter Winter 14-15_Generic.indd 1 12/10/2014 12:02:47 PM